- From: Ruben Verborgh (UGent-imec) <Ruben.Verborgh@UGent.be>
- Date: Fri, 3 Aug 2018 23:21:29 +0000
- To: Daniel Veditz <dveditz@mozilla.com>
- CC: "Miel Vander Sande (UGent-imec)" <Miel.VanderSande@UGent.be>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Herbert Van de Sompel <hvdsomp@gmail.com>
> I think Ruben went wrong trying to argue all Accept-* headers are > safe. I still haven't been proven wrong, but I get your point. > or pursued the > "Safe-*" header option Anne suggested. Though that, of course, would > require the Memento protocol changing it's headers. …and that's of course not feasible. But the more interesting option, as suggested by Anne in another channel, is Origin Policy: https://github.com/whatwg/fetch/issues/326#issuecomment-239423301 Best, Ruben
Received on Friday, 3 August 2018 23:22:32 UTC